CWE:
 

Topic
Date
Author
Med.
RVSiteBuilder RVGlobalSoft CMS High-Performance Hosting Provider Serious Multiple Vulnerabilities
11.06.2018
KingSkrupellos
Low
Atlassian Confluence AppFusions Doxygen 1.3.x Information Disclosure
22.11.2016
RCE
High
Centreon 2.5.3 Code Execution
27.02.2016
Nicolas CHATELAIN


CVEMAP Search Results

CVE
Details
Description
2021-10-11
Medium
CVE-2021-35060

Vendor: Openwaygroup
Software: WAY4
 

 
/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system.

 
2021-10-07
Low
CVE-2021-20552

Updating...
 

 
IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170.

 
2021-09-23
Low
CVE-2021-1546

Vendor: Cisco
Software: Sd-wan vbond...
 

 
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information.

 
Low
CVE-2021-20485

Vendor: IBM
Software: Sterling fil...
 

 
IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197667.

 
Low
CVE-2021-20377

Vendor: IBM
Software: Security gua...
 

 
IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569.

 
Low
CVE-2020-4941

Vendor: IBM
Software: Edge applica...
 

 
IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 191941.

 
2021-09-07
Medium
CVE-2021-32766

Vendor: Nextcloud
Software: Nextcloud
 

 
Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link share has been created with "Upload Only" privileges. (aka "File Drop"). A link share recipient is not expected to see which folders or files exist in a "File Drop" share. Using this vulnerability an attacker is able to enumerate folders in such a share. Exploitation requires that the attacker has access to a valid affected "File Drop" link share. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.0.1. Users who are unable to upgrade are advised to disable the Nextcloud Text application in the app settings.

 
Medium
CVE-2021-35947

Vendor: Owncloud
Software: Owncloud
 

 
The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL.

 
2021-08-30
Medium
CVE-2021-25958

Vendor: Apache
Software: Ofbiz
 

 
In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. A user can register with a very long password, but when he tries to login with it an exception occurs.

 
2021-08-23
Low
CVE-2021-22249

Vendor: Gitlab
Software: Gitlab
 

 
A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group

 

 


Copyright 2021, cxsecurity.com

 

Back to Top